samba - Dec 2006 - Winbind do not maintains mappings between UIDs, GIDs and SIDs

Hello,
I?m trying to use winbind to allow my AD users to logon to our linux 
computers.
I?m using FC6 and Samba 3.0.23c-2.
I have several problems:

1. When I start linux machine and immediately ofter logging in I try to 
check trust secret by running wbinfo -t
 I receive this error:
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
could not check secret

When I try to run wbinfo -t after a short while it returns:
checking the trust secret via RPC calls succeeded.

Is this normal behaviour?

2.Winbind do not maintain mappings between UIDs, GIDs and SIDs
Winbindd and smbd are running, but when I run getent passwd I receive 
list of
linux local users. And I?m not able to login to my linux machine until I 
manually
add information about user in \etc\paswd. But this is unacceptable for 
me because I have
600+ users in my domain. Is there way how to make winbind to 
automaticaly update user mappings?

3. When I manually add informations about user into passwd I?m able to 
login but
after inserting username I have to insert my password twice. Where can 
be the problem?

My configuration files:

My smb.conf:
[global]
 workgroup = MYDOMAIN.COM
 server string = Samba Server
 security = domain
 winbind separator = \
idmap uid = 16777216-33554431
 idmap gid = 16777216-33554431
 winbind enum users = yes
 winbind enum groups = yes
 template homedir = /home/winnt/%U
 template shell = /bin/bash
 winbind use default domain = true
 winbind cache time = 10
 encrypt passwords = yes
winbind trusted domains only = yes
 obey pam restrictions = yes
 password server = server.mydomain.com
[homes]
 comment = Home Directories
 browseable = no
 writable = yes

My nsswitch.conf:

passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind
netgroup:   files winbind
publickey:  nisplus
automount:  files winbind
aliases:    files nisplus

My pam.d configuration:
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     sufficient    pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass 
use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in 
crond quiet use_uid
session     required      pam_unix.so

session     required    pam_mkhomedir.so skel=/etc/skel/ umask=0022

Thanks for any help.

Jiri

Do you have libnss_winbind.so in /lib?  There should also be a symbolic
link to it in the same directory called libnss_winbind.so.2

Yes:
/usr/lib/libnss_winbind.so
/lib/libnss_winbind.so.2

Franz Strebel napsal(a):
> Do you have libnss_winbind.so in /lib?  There should also be a symbolic
> link to it in the same directory called libnss_winbind.so.2
>

Hello,
I?m trying to use winbind to allow my AD users to logon to our linux
computers.
I?m using FC6 and Samba 3.0.23c-2.
I have several problems:

1. When I start linux machine and immediately ofter logging in I try to
check trust secret by running wbinfo -t
I receive this error:
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
could not check secret

When I try to run wbinfo -t after a short while it returns:
checking the trust secret via RPC calls succeeded.

Is this normal behaviour?

2.Winbind do not maintain mappings between UIDs, GIDs and SIDs
Winbindd and smbd are running, but when I run getent passwd I receive list
of
linux local users. And I?m not able to login to my linux machine until I
manually
add information about user in \etc\paswd. But this is unacceptable for me
because I have
600+ users in my domain. Is there way how to make winbind to automaticaly
update user mappings?

3. When I manually add informations about user into passwd I?m able to login
but
after inserting username I have to insert my password twice. Where can be
the problem?

My configuration files:

My smb.conf:
[global]
workgroup = MYDOMAIN.COM
server string = Samba Server
security = domain
winbind separator = \
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%U
template shell = /bin/bash
winbind use default domain = true
winbind cache time = 10
encrypt passwords = yes
winbind trusted domains only = yes
obey pam restrictions = yes
password server = server.mydomain.com
[homes]
comment = Home Directories
browseable = no
writable = yes

My nsswitch.conf:

passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind
netgroup:   files winbind
publickey:  nisplus
automount:  files winbind
aliases:    files nisplus

My pam.d configuration:
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     sufficient    pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid
session     required      pam_unix.so

session     required    pam_mkhomedir.so skel=/etc/skel/ umask=0022

Thanks for any help.

Jiri 
-- 
View this message in context:
http://www.nabble.com/Winbind-do-not-maintains-mappings-between-UIDs%2C%09GIDs-and-SIDs-tf2773361.html#a7736155
Sent from the Samba - General mailing list archive at Nabble.com.